chore(deps): update terraform aws to v5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	major	~> 4.9 -> ~> 5.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.39.1

Compare Source

BUG FIXES:

• data-source/aws_instance: Fix panic: Invalid address to set related to root_block_device.0.tags_all (#​36054)

v5.39.0

Compare Source

FEATURES:

• New Data Source: aws_redshift_data_shares (#​35937)
• New Resource: aws_apprunner_deployment (#​35758)
• New Resource: aws_config_retention_configuration (#​15136)
• New Resource: aws_securityhub_automation_rule (#​34781)
• New Resource: aws_shield_proactive_engagement (#​34667)

ENHANCEMENTS:

• aws_kinesis_firehose_delivery_stream: Add custom_time_zone and file_extension arguments to the extended_S3_configuration configuration block (#​35969)
• resource/aws_appflow_flow: Allow task.source_fields to be a null value (#​35993)
• resource/aws_codepipeline: Add trigger configuration block (#​35475)
• resource/aws_config_configuration_recorder: Add plan-time validation of aws_config_organization_custom_rule.lambda_function_arn (#​15136)
• resource/aws_instance: Add configurable read timeout (#​35955)
• resource/aws_instance: Apply default tags to volumes/block devices managed through an aws_instance, add ebs_block_device.*.tags_all and root_block_device.*.tags_all attributes which include default tags (#​33769)
• resource/aws_mq_broker: Add data_replication_mode and data_replication_primary_broker_arn arguments, enabling support for cross-region data replication (#​35990)
• resource/aws_mwaa_environment: Add endpoint_management attribute (#​35961)
• resource/aws_redshiftserverless_namespace:
  Add attributes admin_password_secret_kms_key_id and manage_admin_password (#​35965)
• resource/aws_shield_drt_access_log_bucket_association: Support resource import (#​34667)
• resource/aws_shield_drt_access_role_arn_association: Support resource import (#​34667)
• resource/aws_spot_instance_request: Add configurable read timeout (#​35955)
• resource/aws_wafv2_web_acl: Add application_integration_url attribute (#​35974)

BUG FIXES:

• data/aws_redshiftserverless_namespace: Properly set iam_roles attribute on read (#​35965)
• resource/aws_appflow_flow: Fix perpetual diff when task.task_type is set to Map_all (#​35993)
• resource/aws_config_configuration_recorder: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when recording_group.exclusion_by_resource_types is empty (#​15136)
• resource/aws_config_rule: Change name to ForceNew (#​15136)
• resource/aws_config_rule: Fix InvalidParameterValueException: PolicyText is required when Owner is CUSTOM_POLICY errors on resource Update (#​15136)
• resource/aws_ecs_task_definition: Fix perpetual container_definitions diffs when Names are ordered differently (#​36029)
• resource/aws_msk_replicator: Fix incorrect detect_and_copy_new_topics attribute value from state read/refresh (#​35966)
• resource/aws_redshiftserverless_workgroup: Fix max_capacity removal (#​36032)
• resource/aws_redshiftserverless_workgroup: Fix updating both base_capacity and max_capacity (#​36032)
• resource/aws_shield_drt_access_log_bucket_association: Change log_bucket and role_arn_association_id to ForceNew (#​34667)

v5.38.0

Compare Source

FEATURES:

• New Data Source: aws_batch_job_definition (#​34663)
• New Data Source: aws_cognito_user_group (#​34046)
• New Data Source: aws_cognito_user_groups (#​34046)

ENHANCEMENTS:

• data-source/aws_alb_target_group: Add load_balancer_arns attribute (#​34364)
• data-source/aws_ec2_instance_type: Add maximum_network_cards attribute (#​35840)
• data-source/aws_elasticache_subnet_group: Add vpc_id attribute (#​35887)
• data-source/aws_lb_target_group: Add load_balancer_arns attribute (#​34364)
• provider: Add token_bucket_rate_limiter_capacity parameter (#​35926)
• resource/aws_alb_target_group: Add load_balancer_arns attribute (#​34364)
• resource/aws_codedeploy_deployment_config: Add arn attribute (#​35888)
• resource/aws_codepipeline: Add execution_mode argument (#​35875)
• resource/aws_config_configuration_recorder: Add recording_mode configuration block (#​35527)
• resource/aws_db_instance: Add plan-time validation of performance_insights_retention_period (#​35870)
• resource/aws_elasticache_subnet_group: Add vpc_id attribute (#​35887)
• resource/aws_lb_target_group: Add load_balancer_arns attribute (#​34364)
• resource/aws_redshiftserverless_workgroup: Add max_capacity argument (#​35720)
• resource/aws_transfer_server: Add TransferSecurityPolicy-2024-01 and TransferSecurityPolicy-FIPS-2024-01 as valid values for security_policy_name (#​35879)

BUG FIXES:

• data-source/aws_caller_identity: Fix authentication signature error when alternate sts_region is specified (#​35860)
• data-source/aws_eks_access_entry: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• data-source/aws_eks_addon: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• data-source/aws_eks_cluster: Fix name plan-time validation, allowing single-character names (#​35874)
• resource/aws_cloudsearch_domain: Prevent panic when reading nil index_field options response values (#​35900)
• resource/aws_eks_access_entry: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_access_policy_association: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_addon: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_cluster: Fix name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_fargate_profile: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_node_group: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_prometheus_scraper: Fixes invalid result after apply error. (#​35844)
• resource/aws_sqs_queue_policy: Retry IAM eventual consistency errors (#​35861)

v5.37.0

Compare Source

NOTES:

• provider: Updates to Go 1.21 (used by Terraform starting with v1.6.0), which, for Windows, requires at least Windows 10 or Windows Server 2016--support for previous versions has been discontinued--and, for macOS, requires macOS 10.15 Catalina or later--support for previous versions has been discontinued. (#​35832)
• resource/aws_bedrock_provisioned_model_throughput: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​35689)

FEATURES:

• New Data Source: aws_db_parameter_group (#​35698)
• New Resource: aws_bedrock_provisioned_model_throughput (#​35689)
• New Resource: aws_cloudfront_key_value_store (#​35663)
• New Resource: aws_redshift_data_share_consumer_association (#​35771)

ENHANCEMENTS:

• data-source/aws_ecr_pull_through_cache_rule: Add credential_arn attribute (#​34475)
• data-source/aws_ecs_task_execution: Add client_token argument (#​34402)
• data-source/aws_neptune_cluster_instance: Add skip_final_snapshot argument (#​35698)
• data-source/aws_rds_engine_version: Improve search functionality and options by adding latest, preferred_major_targets, and preferred_upgrade_targets. Add version_actual attribute (#​35698)
• data-source/aws_rds_orderable_db_instance: Improve search functionality and options by adding engine_latest_version and supports_clusters arguments and converting read_replica_capable, supported_engine_modes, supported_network_types, and supports_multi_az to arguments for use as search criteria (#​35698)
• resource/aws_appsync_graphql_api: Add introspection_config, query_depth_limit, and resolver_count_limit arguments (#​35631)
• resource/aws_codeartifact_domain: Add s3_bucket_arn attribute (#​35760)
• resource/aws_ecr_pull_through_cache_rule: Add credential_arn argument (#​34475)
• resource/aws_ecs_service: Add service_connect_configuration.service.timeout and service_connect_configuration.service.tls configuration blocks (#​35684)
• resource/aws_ecs_task_definition: Add track_latest argument (#​30154)
• resource/aws_glue_catalog_database: Add federated_database argument (#​35799)
• resource/aws_glue_trigger: Add configurable timeouts (#​35542)
• resource/aws_rds_cluster: Add domain and domain_iam_role_name arguments to support Kerberos authentication (#​35753)
• resource/aws_route53_record: Add geoproximity_routing_policy configuration block to support geoproximity routing (#​35565)
• resource/aws_route53_resolver_rule: Add target_ip.protocol argument (#​35744)
• resource/aws_sagemaker_endpoint_configuration: Add routing_config argument. Enables the specification of a routing_strategy. (#​34777)
• resource/aws_sagemaker_space: Add ownership_settings, space_sharing_settings, space_settings.app_type, space_settings.code_editor_app_settings, space_settings.custom_file_system, space_settings.jupyter_lab_app_settings, and space_settings.space_storage_settings arguments (#​35116)

BUG FIXES:

• provider: Fix failed to get rate limit token, retry quota exceeded errors (#​35817)
• resource/aws_apigateway_domain_name: Properly send changes to ownership_verification_certificate_arn on update (#​35777)
• resource/aws_apigatewayv2_route: Fix BadRequestException: Unable to update route. Authorizer type is invalid or null errors when updating authorizer_id (#​35821)
• resource/aws_autoscaling_group: Fix version to computed for inconsistent final plan issue (#​35774)
• resource/aws_datasync_task: Fix crash when reading empty report_override values (#​35778)
• resource/aws_datasync_task: Prevent ValidationErrors when empty values are sent with report_override arguments (#​35778)
• resource/aws_db_proxy: Change auth from TypeList to TypeSet as order is not significant (#​35819)
• resource/aws_ecs_account_setting_default: Remove plan-time validation of value (#​33393)
• resource/aws_ecs_task_definition: Fix perpetual container_definitions diffs when Secrets are ordered differently (#​35792)
• resource/aws_eks_access_policy_association: Retry IAM eventual consistency errors on create (#​35736)
• resource/aws_instance: Fix ReservationCapacityExceeded errors when updating instance_type and capacity_reservation_specification.capacity_reservation_target.capacity_reservation_id (#​33412)
• resource/aws_lakeformation_resource: Properly handle configured false values for use_service_linked_role (#​35799)
• resource/aws_medialive_channel: Added client_cache to hls_group_settings. (#​35738)
• resource/aws_ram_resource_share_accepter: Fix handling of out-of-band resource share deletion (#​35800)
• resource/aws_redshift_data_share_authorization: Fix read operation to properly handle shares in ACTIVE status (#​35771)
• resource/aws_s3_bucket_acl: Correctly updates access_control_policy when switching configuration to acl. (#​35775)
• resource/resource_share_acceptor: Wait until RAM resource share available after accepting the invitation (#​34753)

v5.36.0

Compare Source

NOTES:

• data-source/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#​35615)
• resource/aws_controltower_landing_zone: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​34595)
• resource/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#​35615)

FEATURES:

• New Resource: aws_controltower_landing_zone (#​34595)
• New Resource: aws_osis_pipeline (#​35582)
• New Resource: aws_redshift_data_share_authorization (#​35703)
• New Resource: aws_securitylake_custom_log_source (#​35354)

ENHANCEMENTS:

• resource/aws_cloudwatch_metric_stream: Add plan-time validation of output_format (#​35569)
• resource/aws_db_instance: Add diag.log and notify.log as valid values for enabled_cloudwatch_logs_exports (#​35626)
• resource/aws_db_instance: Add domain_auth_secret_arn, domain_dns_ips, domain_fqdn, and domain_ou arguments to support self-managed Active Directory (#​35500)
• resource/aws_s3_bucket_metric: Add filter.access_point argument (#​35590)
• resource/aws_verifiedaccess_group: Add sse_configuration argument (#​34055)

BUG FIXES:

• resource/aws_db_instance: Creating resource from point-in-time recovery now handles password attribute correctly (#​35589)
• resource/aws_dynamodb_table: Ensure that replicas are always set on Read (#​35630)
• resource/aws_emr_cluster: Properly normalize launch_specifications.on_demand_specification.allocation_strategy and launch_specifications.spot_specification.allocation_strategy values to fix perpetual state differences (#​34367)
• resource/aws_kinesis_firehose_delivery_stream: Change extended_s3_configuration.processing_configuration.processors.parameters from TypeList to TypeSet as order is not significant (#​35672)
• resource/aws_lambda_function: Resolve consecutive diff issue in logging_config when values for application_log_level or system_log_level are not specified (#​35694)
• resource/aws_lb_listener: Fixes unexpected diff when using default_action parameters which don't match the type. (#​35678)
• resource/aws_lb_listener: Was incorrectly reporting conflicting default_action[].target_group_arn when ignore_changes was set. (#​35671)
• resource/aws_lb_listener: Was not storing default_action[].forward in state if only a single target_group was set. (#​35671)
• resource/aws_lb_listener_rule: Fixes unexpected diff when using action parameters which don't match the type. (#​35678)
• resource/aws_lb_listener_rule: Was incorrectly reporting conflicting action[].target_group_arn when ignore_changes was set. (#​35671)
• resource/aws_lb_listener_rule: Was not storing action[].forward in state if only a single target_group was set. (#​35671)
• resource/aws_ssm_patch_baseline: Mark json as Computed if there are content changes (#​35606)

v5.35.0

Compare Source

FEATURES:

• New Data Source: aws_bedrock_custom_model (#​34310)
• New Data Source: aws_bedrock_custom_models (#​34310)
• New Data Source: aws_ssmcontacts_rotation (#​32710)
• New Resource: aws_bedrock_custom_model (#​34310)
• New Resource: aws_lexv2models_slot (#​34617)
• New Resource: aws_lexv2models_slot_type (#​35555)
• New Resource: aws_rekognition_collection (#​35407)
• New Resource: aws_sesv2_email_identity_policy (#​35486)
• New Resource: aws_ssmcontacts_rotation (#​32710)

ENHANCEMENTS:

• data-source/aws_redshift_cluster: Add multi_az attribute (#​35508)
• resource/aws_lakeformation_resource: Add hybrid_access_enabled argument (#​35571)
• resource/aws_lakeformation_resource: Add with_federation argument (#​35154)
• resource/aws_redshift_cluster: Add multi_az argument (#​35508)
• resource/aws_redshiftserverless_endpoint_access: Add owner_account argument (#​35509)
• resource/aws_wafv2_rule_group: Add header_order to field_to_match configuration blocks (#​35521)
• resource/aws_wafv2_web_acl: Add header_orderto field_to_match configuration blocks (#​35521)

BUG FIXES:

• data-source/aws_networkmanager_core_network_policy_document: Remove core_network_configuration.edge_locations maximum item limit (#​35585)
• resource/aws_backup_plan: Fix InvalidParameterValueException: Invalid lifecycle. EBS Cold Tier is not yet supported errors on resource Create in AWS GovCloud (US) (#​35560)
• resource/aws_cognito_user_group: Allow import of user groups with names containing / (#​35501)
• resource/aws_dms_event_subscription: Mark source_ids as Optional. This fixes a regression introduced in v5.31.0 (#​35541)
• resource/aws_efs_file_system: Increase lifecycle_policy maximum item limit to 3 (#​35522)
• resource/aws_eks_access_entry: Retry IAM eventual consistency errors on create (#​35535)
• resource/aws_finspace_kx_cluster: Increase command_line_arguments max length restriction from 50 to 1024. (#​35581)

v5.34.0

Compare Source

FEATURES:

• New Resource: aws_rekognition_project (#​35429)
• New Resource: aws_route53domains_delegation_signer_record (#​33596)

ENHANCEMENTS:

• data-source/aws_codecommit_repository: Add kms_key_id attribute (#​35095)
• data-source/aws_imagebuilder_components: Add support for ThirdParty owner value (#​35286)
• data-source/aws_imagebuilder_container_recipes: Add support for ThirdParty owner value (#​35286)
• data-source/aws_imagebuilder_image_recipes: Add support for ThirdParty owner value (#​35286)
• data-source/aws_ssm_patch_baseline: Add json attribute to facilitate use with S3 buckets (#​33402)
• resource/aws_accessanalyzer_analyzer: Add configuration configuration block (#​35310)
• resource/aws_appflow_flow: Add flow_status attribute (#​34948)
• resource/aws_codecommit_repository: Add kms_key_id argument (#​35095)
• resource/aws_codecommit_trigger: Add plan-time validation of trigger.destination_arn and trigger.events (#​35095)
• resource/aws_ecs_capacity_provider: Add auto_scaling_group_provider.managed_draining argument (#​35421)
• resource/aws_fis_experiment_template: Add support for AutoScalingGroups, Buckets, ReplicationGroups, Tables and TransitGateways to action.*.target (#​35300)
• resource/aws_fsx_openzfs_file_system: Add skip_final_backup argument (#​35320)
• resource/aws_network_interface_sg_attachment: Increase default timeouts to 3 minutes and allow them to be configured (#​35435)
• resource/aws_prometheus_scraper: Add role_arn attribute (#​35453)
• resource/aws_route53domains_registered_domain: Support resource import (#​33596)
• resource/aws_ssm_patch_baseline: Add json attribute to facilitate use with S3 buckets (#​33402)
• resource/aws_wafv2_web_acl: Add challenge_config argument (#​35367)

BUG FIXES:

• resource/aws_codebuild_project: Allow build_batch_config to be removed on Update (#​34121)
• resource/aws_eks_access_entry: Mark kubernetes_groups as Computed (#​35391)
• resource/aws_eks_access_entry: Mark type and user_name as Optional, allowing values to be configured (#​35391)
• resource/aws_grafana_license_association: Fix missing workspace_id attribute after import (#​35290)
• resource/aws_security_group_rule: Fix UnsupportedOperation: The functionality you requested is not available in this region errors on Read in certain partitions (#​33484)

v5.33.0

Compare Source

FEATURES:

• New Data Source: aws_eks_access_entry (#​35037)
• New Resource: aws_eks_access_entry (#​35037)
• New Resource: aws_eks_access_policy_association (#​35037)
• New Resource: aws_lexv2models_intent (#​34891)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add access_config attribute (#​35037)
• data-source/aws_secretsmanager_secret: Add created_date and last_changed_date attributes (#​35117)
• data-source/aws_secretsmanager_secret_version: Add created_date attribute (#​35117)
• resource/aws_backup_plan: Add rule.lifecycle.opt_in_to_archive_for_supported_resources and rule.copy_action.lifecycle.opt_in_to_archive_for_supported_resources and arguments (#​34994)
• resource/aws_eks_cluster: Add access_config configuration block (#​35037)
• resource/aws_lakeformation_resource: Add use_service_linked_role argument (#​35284)
• resource/aws_secretsmanager_secret_rotation: Add rotate_immediately argument (#​35105)

BUG FIXES:

• resource/aws_datasync_task: Allow schedule to be removed successfully (#​35282)
• resource/aws_fis_experiment_template: Fix validation error when not using target.resource_arns or target.resource_tag attributes. (#​35254)
• resource/aws_lb_listener: Fix ValidationError: Mutual Authentication mode passthrough does not support ignoring certificate expiry errors when mutual_authentication.mode is set to passthrough (#​35289)
• resource/aws_secretsmanager_secret_version: Fix InvalidParameterException: The parameter RemoveFromVersionId can't be empty. Staging label AWSCURRENT is currently attached to version ..., so you must explicitly reference that version in RemoveFromVersionId errors when a secret is updated outside Terraform (#​19943)

v5.32.1

Compare Source

BUG FIXES:

• data-source/aws_ecr_image: Fix error when most_recent is not also latest (#​35269)
• resource/aws_iot_ca_certificate: Change registration_config.role_arn from TypeBool to TypeString, fixing Inappropriate value for attribute "role_arn": a bool is required errors (#​35234)
• resource/aws_mq_broker: Fix interface conversion: interface {} is *schema.Set, not []string panic (#​35265)

v5.32.0

Compare Source

FEATURES:

• New Data Source: aws_mq_broker_engine_types (#​34232)
• New Data Source: aws_msk_bootstrap_brokers (#​32484)
• New Data Source: aws_verifiedpermissions_policy_store (#​32204)
• New Resource: aws_ebs_fast_snapshot_restore (#​35211)
• New Resource: aws_elasticache_serverless_cache (#​34951)
• New Resource: aws_imagebuilder_workflow (#​35097)
• New Resource: aws_kinesis_resource_policy (#​35167)
• New Resource: aws_prometheus_scraper (#​34749)
• New Resource: aws_securitylake_aws_log_source (#​34974)
• New Resource: aws_ssoadmin_application_access_scope (#​34811)
• New Resource: aws_verifiedpermissions_policy_store (#​32204)
• New Resource: aws_verifiedpermissions_policy_template (#​32205)
• New Resource: aws_verifiedpermissions_schema (#​32204)

ENHANCEMENTS:

• data-source/aws_batch_compute_environment: Add update_policy attribute (#​34353)
• data-source/aws_ecr_image: Add image_uri attribute (#​24526)
• data-source/aws_efs_file_system: Add lifecycle_policy.transition_to_archive attribute (#​35096)
• data-source/aws_efs_file_system: Add protection attribute (#​35029)
• data-source/aws_elastic_beanstalk_hosted_zone: Add hosted zone ID for il-central-1 AWS Region (#​35131)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ca-west-1 AWS Region (#​35131)
• data-source/aws_fsx_ontap_file_system: Add ha_pairs and throughput_capacity_per_ha_pair attributes (#​34993)
• data-source/aws_glue_catalog_table: Add region attribute to target_table block. (#​34817)
• data-source/aws_lambda_function: Add logging_config attribute (#​35050)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ca-west-1 AWS Region (#​35131)
• data-source/aws_lb_target_group: Add load_balancing_anomaly_mitigation attribute (#​35083)
• data-source/aws_msk_configuration: Remove name length validation (#​34399)
• data-source/aws_networkfirewall_firewall_policy: Add firewall_policy.tls_inspection_configuration_arn attribute (#​35094)
• data-source/aws_prometheus_workspace: Add kms_key_arn attribute (#​35062)
• data-source/aws_route53_resolver_endpoint: Add protocols attribute (#​35098)
• data-source/aws_route53_resolver_endpoint: Add resolver_endpoint_type attribute (#​34798)
• data-source/aws_s3_bucket: Add hosted zone ID for ca-west-1 AWS Region (#​35131)
• provider: Support ca-west-1 as a valid AWS Region (#​35131)
• resource/aws_appflow_flow: Add destination_connector_properties.s3.s3_output_format_config.target_file_size argument (#​35215)
• resource/aws_appstream_fleet: Increase idle_disconnect_timeout_in_seconds max value for validation to 360000 (#​35173)
• resource/aws_autoscaling_group: Add instance_refresh.preferences.max_healthy_percentage attribute (#​34929)
• resource/aws_autoscaling_group: Fix ValidationError: The instance ... is not part of Auto Scaling group ... errors on resource Delete when disabling scale-in protection for instances that are already fully terminated (#​35071)
• resource/aws_batch_compute_environment: Add update_policy parameter (#​34353)
• resource/aws_batch_job_definition: Add scheduling_priority argument and arn_prefix attribute (#​34997)
• resource/aws_cloud9_environment_ec2: Add amazonlinux-2023-x86_64 and resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64 as valid values for image_id (#​35020)
• resource/aws_codepipeline: Add pipeline_type argument and variable configuration block (#​34841)
• resource/aws_dms_replication_task: Allow cdc_start_time to use RFC3339 formatted dates in addition to UNIX timestamps (#​31917)
• resource/aws_dms_replication_task: Remove ForceNew from replication_instance_arn, allowing in-place migration between DMS instances (#​30721)
• resource/aws_efs_file_system: Add lifecycle_policy.transition_to_archive argument (#​35096)
• resource/aws_efs_file_system: Add protection configuration block (#​35029)
• resource/aws_efs_replication_configuration: Increase Create timeout to 20 minutes (#​34955)
• resource/aws_efs_replication_configuration: Mark destination.file_system_id as Optional, enabling EFS replication fallback (#​34955)
• resource/aws_finspace_kx_dataview: Increase default create, update, and delete timeouts to 4 hours (#​35207)
• resource/aws_finspace_kx_scaling_group: Increase default create, delete timeouts to 4 hours (#​35206)
• resource/aws_fsx_lustre_file_system: Allow per_unit_storage_throughput to be updated in-place (#​34932)
• resource/aws_fsx_ontap_file_system: Add ha_pairs and throughput_capacity_per_ha_pair arguments (#​34993)
• resource/aws_fsx_ontap_file_system: Increase maximum value of disk_iops_configuration.iops to 2400000 (#​34993)
• resource/aws_fsx_ontap_file_system: throughput_capacity is Optional (#​34993)
• resource/aws_glue_catalog_table: Add region attribute to target_table block. (#​34817)
• resource/aws_glue_classifier: Add csv_classifier.serde argument (#​34251)
• resource/aws_kinesis_firehose_delivery_stream: Add opensearch_configuration.document_id_options configuration block (#​35137)
• resource/aws_kinesis_firehose_delivery_stream: Add splunk_configuration.buffering_interval and splunk_configuration.buffering_size arguments (#​35137)
• resource/aws_kinesis_firehose_delivery_stream: Adjust elasticsearch_configuration.buffering_interval, http_endpoint_configuration.buffering_interval, opensearch_configuration.buffering_interval, opensearchserverless_configuration.buffering_interval, redshift_configuration.s3_backup_configuration.buffering_interval,extended_s3_configuration.s3_backup_configuration.buffering_interval, elasticsearch_configuration.s3_configuration.buffering_interval, http_endpoint_configuration.s3_configuration.buffering_interval, opensearch_configuration.s3_configuration.buffering_interval, opensearchserverless_configuration.s3_configuration.buffering_interval, redshift_configuration.s3_configuration.buffering_interval and splunk_configuration.s3_configuration.buffering_interval minimum values to 0 to support zero buffering (#​35137)
• resource/aws_kms_key: Add xks_key_id attribute (#​31216)
• resource/aws_lambda_function: Add logging_config configuration block in support of advanced logging controls (#​35050)
• resource/aws_lambda_function: Add support for python3.12 runtime value (#​35049)
• resource/aws_lambda_layer_version: Add support for python3.12 compatible_runtimes value (#​35049)
• resource/aws_lb_target_group: Add load_balancing_anomaly_mitigation argument (#​35083)
• resource/aws_lb_target_group: Add weighted_random as a valid value for load_balancing_algorithm_type (#​35083)
• resource/aws_neptune_cluster: Add storage_type argument (#​34985)
• resource/aws_neptune_cluster_instance: Add storage_type attribute (#​34985)
• resource/aws_networkfirewall_firewall: Add configurable timeouts (#​34918)
• resource/aws_networkfirewall_firewall_policy: Add firewall_policy.tls_inspection_configuration_arn argument (#​35094)
• resource/aws_prometheus_workspace: Add kms_key_arn argument, enabling encryption at-rest using AWS KMS Customer Managed Keys (CMK) (#​35062)
• resource/aws_redshiftserverless_workgroup: Add port argument (#​34925)
• resource/aws_route53_resolver_endpoint: Add protocols argument (#​35098)
• resource/aws_route53_resolver_endpoint: Add resolver_endpoint_type argument (#​34798)
• resource/aws_s3_bucket: Modify resource Read to support third-party S3 API implementations. Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​35035)
• resource/aws_s3_bucket: Modify server-side encryption configuration error handling, enabling support for NetApp StorageGRID (#​34890)
• resource/aws_transfer_server: Add TransferSecurityPolicy-PQ-SSH-Experimental-2023-04 and TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04 as valid values for security_policy_name (#​35129)
• resource/aws_verifiedaccess_endpoint: Add policy_document argument (#​34264)

BUG FIXES:

• data-source/aws_lb_target_group: Change deregistration_delay from TypeInt to TypeString (#​31436)
• data-source/aws_s3_bucket_object: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• data-source/aws_s3_object: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• resource/aws_cloud9_environment_ec2: image_id is Required (#​35020)
• resource/aws_codebuild_project: Prevent erroneous diffs on build_timeout and queued_timeout for Lambda compute types (#​35043)
• resource/aws_datasync_agent: Fix import of agents created with activation_key by removing requirement for one of ip_address or activation_key to be set (#​35150)
• resource/aws_dms_replication_config: Prevent erroneous diffs on replication_settings (#​34356)
• resource/aws_dms_replication_task: Prevent erroneous diffs on replication_task_settings (#​34356)
• resource/aws_dynamodb_table: Fix error when waiting for snapshot to be created (#​34848)
• resource/aws_finspace_kx_dataview: Properly set arn attribute on read, resolving persistent differences when tags are configured (#​34998)
• resource/aws_glue_catalog_database: Properly handle out-of-band resource deletion (#​35195)
• resource/aws_iot_indexing_configuration: Correct plan-time validation of thing_indexing_configuration.filter.named_shadow_names (#​35225)
• resource/aws_kinesis_firehose_delivery_stream: Fix InvalidArgumentException: Both BufferSizeInMBs and BufferIntervalInSeconds are required to configure buffering for lambda processor errors on resource Update (#​26964)
• resource/aws_kinesis_firehose_delivery_stream: Fix perpetual extended_s3_configuration.processing_configuration.processors.parameters diffs when processor type is Lambda (#​35137)
• resource/aws_lambda_function: Ensure lambda does not get deployed if source_code_hash does not change. (#​29921)
• resource/aws_lb: Fix ValidationError: Attributes cannot be empty errors (#​35228)
• resource/aws_lb_target_group: Fix diff on stickiness.cookie_name when stickiness.type is lb_cookie (#​31436)
• resource/aws_memorydb_cluster: Treat snapshotting status as pending when creating cluster (#​31077)
• resource/aws_ram_principal_association: Fix reading RAM Resource Share (...) Principal Association (...): couldn't find resource (21 retries) errors when a high number of principals are associated with a resource share (#​34738)
• resource/aws_s3_bucket_object: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• resource/aws_s3_object: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• resource/aws_s3_object_copy: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• resource/aws_secretsmanager_secret_rotation: No longer ignores changes to rotation_rules.automatically_after_days when rotation_rules.schedule_expression is set. (#​35024)
• resource/aws_ses_configuration_set: Fix tracking_options being omitted from state and resulting in persistent diff (#​35056)
• resource/aws_ssoadmin_application: Fix portal_options.sign_in_options.application_url triggering ValidationError when unset (#​34967)

v5.31.0

Compare Source

FEATURES:

• New Data Source: aws_polly_voices (#​34916)
• New Data Source: aws_ssoadmin_application_assignments (#​34796)
• New Data Source: aws_ssoadmin_principal_application_assignments (#​34815)
• New Resource: aws_finspace_kx_dataview (#​34828)
• New Resource: `aws_finspace_

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.